The Xerox Response … The Xerox Security Model

Xerox has created services and technologies that are infused with security at every level. We have organized our efforts along the following lines.

"Our broad portfolio of patented technologies enables a consistent, interoperable foundation that drives the growth of digital distribution of content and services across all media types and platforms." —Source: Xerox Innovation Group

Product and IT Outsourcing Security

Xerox is committed to being the leader in multifunction device and
printer security. As such, we also are committed to helping customers
maintain a secure network environment, particularly as it relates to the
use of multifunction products (MFPs) - those that print, copy, fax and
scan. Since all MFPs, regardless of vendor, contain hard drives and
software, they require security precautions associated with other
network peripherals. We introduced the industry's first office MFP in
1995 and are in the forefront in the development of security features
for these systems.

We strongly endorse the internationally recognized ISO 15408 Common
Criteria for Information Technology Security Evaluation and have
validated more than 50 of our office MFPs to this standard. This gives
Xerox one of the industry's broadest arrays of printers and copiers
certified to meet our customers' strictest security requirements. Our
policy and practice is to have an entire multifunction system evaluated
- not just individual features or a security kit.

Although we test extensively for security vulnerabilities in our
software before we bring a product to market, we recognize that someone
with intent and the requisite knowledge may, at times, find a way around
security protections. We encourage people to notify us of any network
security concerns, and we move immediately to provide a solution. We
develop software patches for vulnerabilities and post them here. In addition, we
quickly update our manufacturing process to integrate the security
fixes.

We manage security throughout the product life cycle, from design to
development, manufacturing, deployment and, ultimately, to disposal.
Security functionality is completely integrated at the individual device
level and extends seamlessly to the fleet. State-of-the-art encryption
is used extensively to protect customer information, both while at rest
in the device and in motion to and from the device. The authentication
and authorization features are unmatched in their ability to control
usage; yet, they also are easy to use. We put special emphasis on the
care and handling of machines that are returned to us after lease
expiration or otherwise. Disks in these devices are destroyed or
completely re-mastered to remove any residual customer information
before they are reused.

Ensuring the security of the systems and networks supported by ITO for
our clients is paramount. Security solutions can be designed to meet the
needs of a specific client and utilize a robust suite of solutions and
products to meet those needs. Solutions such as application security,
vulnerability management, access and identity management, encryption and
user provisioning aid clients in managing their risk. Security is
integrated into client solutions from the beginning of the engagement
and maintained throughout the life cycle of the contract.